vBulletin 2.0.3 Released - *important security fix*

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • John
    Senior Member
    • Apr 2000
    • 4042

    vBulletin 2.0.3 Released - *important security fix*

    vBulletin 2.0.3

    vBulletin 2.0.3 is primarily a security fix. It also contains fixes to correct some minor bugs in 2.0.2.

    This security fix is very important. It affects sessions.php only, so if you do not want to upgrade, please upload the new sessions.php at least. This issue affects all versions of vBulletin prior to 2.0.3 . More details will not be available until later until you have had a chance to upgrade.

    We were notified about this issue a little over an hour ago by Pine Internet (www.pine.nl) in cooperation with Laboratoire Contempt (www.contempt.nl). All credit goes to them for disclosing this issue to us, and we appreciate the notification.

    Backing up forums

    Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.

    New Installation Instructions

    For fresh installations, you must run the install.php file in the admin directory. Before you do this, take the config.php.new file, edit it to contain your details, then upload it as config.php to the server.

    Then you can run through the install.php script in much the same way as old install scripts. More details instructions are in the vBulletin online manual:


    Upgrade instructions:

    >From 1.1.x:
    Upload all the files but install.php, then run the upgrade1.php scrint in the admin area. When you are done, be sure to delete install.php and all the upgradex.php scripts.

    > From 2.0 betas and release candidates:
    Information is available here to upgrade to 2.0.0:

    Then follow the instructions below for upgrading to 2.0.3

    > From 2.0.0
    Upload all the files but install.php, then run the upgrade10.php script in the admin area. Then run upgrade11.php. Then run upgrade12.php. When you are done, be sure to delete all the upgradex.php scripts.

    > From 2.0.1
    Upload all the files but install.php, then run the upgrade11.php script in the admin area. Then run upgrade12.php. When you are done, be sure to delete all the upgradex.php scripts.

    > From 2.0.2
    Upload all the files but install.php, then run the upgrade12.php script in the admin area. When you are done, be sure to delete all the upgradex.php scripts.


    Changed Templates

    Note: Upgrading will not overwrite any of your custom templates.

    Template Changes
    - threads_splitthread - added addition row for forums <select>
    - getinfo - minor change - added link to add user to ignore list
    - postbit_ignore - added $post[postid]
    - usercp - added 'whoposted' javascript
    - standardredirect - added new bandwidth-saving redirect method

    You can view the new templates from in the control panel by clicking on the 'view original' next to your custom template.

    Changelog

    Bug Fixes/Enhancements
    - NEW - integration of Bira's 'split and move' hack into postings.php
    - fixed dodgy template query in admin/user.php
    - removed unecessary spaces and &nbsp; from pagenav generation function
    - css support in online.php
    - fixed bug with pruning posts in a sub forum
    - fixed bug with email address being shown on the mailform when it shouldn't be
    - fixed bug ( http://www.vbulletin.com/forum/showt...threadid=24111 ) in template postbit_ignore
    - fixed bug ( http://www.vbulletin.com/forum/showt...threadid=24027 ) in template usercp
    - NEW - new cross-browser javascript in standardredirect template can potentially save you LOTS of bandwidth

    Changed Files since 2.0.2
    - postings.php (added bira's split+move hack)
    - online.php (added $bgclass css support)
    - calendar.php (fixed bug: http://www.vbulletin.com/forum/showt...threadid=24084 )
    - member.php (fixed bug: http://www.vbulletin.com/forum/showt...threadid=23794 )
    - admin/thread.php (fixed bug: http://www.vbulletin.com/forum/showt...threadid=20346 )
    - admin/user.php (fixed bug: http://www.vbulletin.com/forum/showt...threadid=24097 )
    - admin/functions.php (fixed 'bug type thing': http://www.vbulletin.com/forum/showt...threadid=24100 )
    - admin/sessions.php
    - admin/global.php
    - admin/vbulletin.style

    In conclusion...

    Upload sessions.php. I cannot stress how important that is. This should be the last release for a little while, all being well, so it is well worth the upgrade.

    Anyway, get to that members area!

    John

    To discuss this, please post here:
    Last edited by Mike Sullivan; Tue 31 Jul '01, 9:24pm.
    John Percival

    Artificial intelligence usually beats real stupidity ;)
  • Kier
    Former Lead Developer, vBulletin
    • Sep 2000
    • 8179

    #2
    Important

    Please note that when you upgrade to 2.0.3, you must also perform the upgrade to 2.0.2 first! This means that you have to run upgrade11.php BEFORE you run upgrade12.php.

    Instructions for doing this are here.

    (ie: you must download the 2.0.3 zip file, then run upgrade11.php before you run upgrade12, if you have not already done so)

    edit by John for a little more clarity
    Last edited by John; Wed 1 Aug '01, 10:00am.

    Comment

    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
    Working...